Security News > 2022 > May > Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability
2022-05-16 20:24

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.

Tracked as CVE-2022-30525, the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system.

The issue, for which patches were released by the Taiwanese firm in late April, became public knowledge on May 12 following a coordinated disclosure process with Rapid7.

Merely a day later, the Shadowserver Foundation said it began detecting exploitation attempts, with most of the vulnerable appliances located in France, Italy, the U.S., Switzerland, and Russia.

Also added by CISA to the catalog is CVE-2022-22947, another code injection vulnerability in Spring Cloud Gateway that could be exploited to allow arbitrary remote execution on a remote host by means of a specially crafted request.

The vulnerability is rated 10 out of 10 on the CVSS vulnerability scoring system and has since been addressed in Spring Cloud Gateway versions 3.1.1 or later and 3.0.7 or later as of March 2022.


News URL

https://thehackernews.com/2022/05/watch-out-hackers-begin-exploiting.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2022-30525 OS Command Injection vulnerability in Zyxel products
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
network
low complexity
zyxel CWE-78
critical
9.8
2022-03-03 CVE-2022-22947 Expression Language Injection vulnerability in multiple products
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
network
low complexity
vmware oracle CWE-917
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 378 0 69 85 46 200